The acronym UBU stands for “Unauthorised Business Use”. This is where overseas scammers use someone else’s identity and ABN to buy .au domain names that have just expired. More details on this type of activity can be found in this article I wrote previously.
This practise continues virtually unabated. It seems as soon as auDA takes down some sites and deletes domains, the scammers simply repeat the process. We’re not talking just hundreds of UBU’s – we are talking many thousands!
For example, yesterday I had a quick look at the current “Policy Delete” list, and saw that there are just over 2000 UBU’s about to be deleted.
Here is just one example of fake details on the WhoIs (poor old Swinburne!):
These scammers wouldn’t keep doing this unless they were making money – it’s as simple as that.
auDA is supposed to protect the integrity of the domain name system in Australia. In a recent speech on 31st July, this is what the auDA CEO (Cameron Boardman) said in relation to “cyber security” and domain names:
“It is the simple premise that if any consumer goes to a dot au website, they can have confidence that that dot au website represents exactly what it should be. That the policy settings; that the adherence to policy; that the relationship with the registry and registrars is absolutely correct and robust; that we are maintaining stability, integrity and trust in the domain name system”.
Listen to the 41 second audio here:
By my simple estimate, there are potentially in excess of 20,000 UBU’s registered this year. That is not a misprint. Have a look at this slide from the auDA CEO’s recent presentation:
Wiser people than me tell me that the number is actually far higher than this – we are dealing with the tip of the iceberg.
Who Loses From UBU’s?
♦ The Australian consumer who tries to buy something from one of these fake sites. If they get any product at all, it will invariably be a “knock off”. They’ll never see a refund, and their credit card details are compromised.
♦ The poor Aussie business or organisation who unwittingly has their ABN used by a scammer to register a domain (reputational damage).
♦ The original registrant who for whatever reason had the domain name expire.
Who Wins From UBU’s?
♦ The scammers.
♦ The registrars who allow the domains to get registered in the first place. They get a fee for every domain registered – and re-registered.
♦ AusRegistry – every time a domain gets registered, as the “wholesaler” they effectively get around $14 per domain.
♦ auDA – as the regulator, they get $3.50 per domain.
Do the maths on 20,000 domains. UBU’s are great for cash flow!
What’s The Solution?
In the past, auDA have been quick to ping certain registrars for infractions of their rules and policies. Think Bottle, Netfleet, Crazy Domains, and Enetica.
The question that a lot of people are asking is why has auDA not suspended the .au accreditation of Public Domain Registry and Tucows (until they sort the problem out within their own systems i.e. certain resellers)? They seem to be the common denominator when it comes to the registration of UBU’s.
If this was done today, I believe you’d see a major impact on UBU registrations.
Ned O’Meara – 23 August 2017